RaffaelGrob opened a new issue, #4724: URL: https://github.com/apache/camel-k/issues/4724
### What happened?

I have the operator installed to use an internal registry listening on a service within the same namespace (HTTPS://my-registry.my-namespace.svc.cluster.local:443). An internal certificate (of type: cert-manager.io/issuer-kind: ClusterIssuer) is used.

The Problem: "x509: certificate signed by unknown authority" + Back-off pulling image "my-registry.my-namespace.svc.cluster.local/my-namespace/

### Steps to reproduce

# Main Issue

1. I created a config map containing the CA/TLS of the certificate used by the registry

```yaml
apiVersion: v1
data:
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    MIIB..THE ORIGINAL CA.CRT...iqDn6E=
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MII...THE ORIGINAL TLS.CRT...fKs=
    -----END CERTIFICATE-----
kind: ConfigMap
metadata:
  annotations:
  name: registry-ca-crt
  namespace: my-namespace
```

2. I deployed the Operator with helm (excerpt from deployment.yaml)

```yaml
operator:
  image: docker.io/apache/camel-k:2.0.0
platform:
  build:
    registry:
      address: my-registry.svc.cluster.local
      ca: registry-ca-crt
```

3. I deployed my Integration with the ERROR below.

**How does the `platform.build.registry.ca` parameter work?**

- **what is the required form of the config-map?**
- **will it solve the problem, so an integration can pull from a private ssl-protected registry?**

# Second attempt (as illustration of a failed workaround)

I tried to work around the `ca` parameter as well.

1. I created a new Image `FROM docker.io/apache/camel-k:2.0.0`
2. Added additional Certificates to the Image
3. I deployed the Operator with helm (excerpt from deployment.yaml)

```yaml
operator:
  image: xxx.dkr.ecr.eu-central-1.amazonaws.com/yy/various:custom_apache_camel-k_2.0.0
platform:
  build:
    registry:
      address: my-registry.svc.cluster.local
```

4. The result:
   - Image can be pushed to the registry successfully
   - ERROR: Image cannot be pulled while the integration starts a new pod.

### Relevant log output

```shell
Error of first described part:

kubectl logs camel-k-operator-896747ccb-hsjv9 --since 12h | jq '. | select(.level != "info")'

The Error:
{
  "level": "error",
  "ts": 1694020373.59643,
  "logger": "camel-k.controller.build",
  "msg": "Build kit-cjsb5ht903fh2jn20p3g failed: Get \"https://my-registry.my-namespace.svc.cluster.local/v2/\": dial tcp 172.20.249.120:80: i/o timeout",
  "request-namespace": "my-namespace",
  "request-name": "kit-cjsb5ht903fh2jn20p3g",
  "api-version": "camel.apache.org/v1",
  "kind": "Build",
  "ns": "my-namespace",
  "name": "kit-cjsb5ht903fh2jn20p3g",
  "stacktrace": "github.com/apache/camel-k/v2/pkg/util/log.Logger.Errorf\n\tgithub.com/apache/camel-k/v2/pkg/util/log/log.go:60\ngithub.com/apache/camel-k/v2/pkg/controller/build.(*monitorRoutineAction).updateBuildStatus\n\tgithub.com/apache/camel-k/v2/pkg/controller/build/monitor_routine.go:203\ngithub.com/apache/camel-k/v2/pkg/controller/build.(*monitorRoutineAction).runBuild\n\tgithub.com/apache/camel-k/v2/pkg/controller/build/monitor_routine.go:187"
}

Error of Second attempt

Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  3m38s                  default-scheduler  Successfully assigned my-namespace/welcome-route2-858c5cff47-f2pfq to ip-10-130-118-220.eu-central-1.compute.internal
  Normal   Pulling    2m6s (x4 over 3m37s)   kubelet            Pulling image "my-registry.my-namespace.svc.cluster.local/my-namespace/camel-k-kit-cjsbe3fse9pjjl9nbdt0@sha256:5ef23fb57ddc34fa243ed96698efcd2d756d7cc70f060b923bd4187d02e43a7d"
  Warning  Failed     2m6s (x4 over 3m37s)   kubelet            Failed to pull image "my-registry.my-namespace.svc.cluster.local/my-namespace/camel-k-kit-cjsbe3fse9pjjl9nbdt0@sha256:5ef23fb57ddc34fa243ed96698efcd2d756d7cc70f060b923bd4187d02e43a7d": rpc error: code = Unknown desc = failed to pull and unpack image "my-registry.my-namespace.svc.cluster.local/my-namespace/camel-k-kit-cjsbe3fse9pjjl9nbdt0@sha256:5ef23fb57ddc34fa243ed96698efcd2d756d7cc70f060b923bd4187d02e43a7d": failed to resolve reference "my-registry.my-namespace.svc.cluster.local/my-namespace/camel-k-kit-cjsbe3fse9pjjl9nbdt0@sha256:5ef23fb57ddc34fa243ed96698efcd2d756d7cc70f060b923bd4187d02e43a7d": failed to do request: Head "https://my-registry.my-namespace.svc.cluster.local/v2/my-namespace/camel-k-kit-cjsbe3fse9pjjl9nbdt0/manifests/sha256:5ef23fb57ddc34fa243ed96698efcd2d756d7cc70f060b923bd4187d02e43a7d": dial tcp: lookup my-registry.my-namespace.svc.cluster.local: no such host
  Warning  Failed     2m6s (x4 over 3m37s)   kubelet            Error: ErrImagePull
  Warning  Failed     113s (x6 over 3m36s)   kubelet            Error: ImagePullBackOff
  Normal   BackOff    101s (x7 over 3m36s)   kubelet            Back-off pulling image "my-registry.my-namespace.svc.cluster.local/my-namespace/camel-k-kit-cjsbe3fse9pjjl9nbdt0@sha256:5ef23fb57ddc34fa243ed96698efcd2d756d7cc70f060b923bd4187d02e43a7d"
```

### Camel K version

2.0.0

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
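
Added example, not part of the original issue or the Camel K code base: a Python triage helper that sorts the error strings quoted in this issue by the layer that failed, records whether a registry CA bundle can influence that layer, and flags a dialed port that differs from the one implied by the request URL. The rule table, function names and abridged sample messages are assumptions made for this illustration.

```python
import json
import re
from urllib.parse import urlsplit

# (pattern, failing layer, can a registry CA bundle affect it?) - first match wins.
RULES = [
    (re.compile(r"x509: certificate signed by unknown authority"), "tls-trust", True),
    (re.compile(r"lookup \S+: no such host"), "dns", False),
    (re.compile(r"dial tcp \S+:\d+: i/o timeout"), "connect-timeout", False),
]
DEFAULT_PORT = {"https": 443, "http": 80}

def classify(message):
    """Map one error message to (layer, ca_relevant)."""
    for pattern, layer, ca_relevant in RULES:
        if pattern.search(message):
            return layer, ca_relevant
    return "unknown", False

def port_mismatch(message):
    """Return (expected, dialed) when the dialed TCP port differs from the
    port implied by the quoted request URL, else None."""
    url = re.search(r'"(https?://[^"]+)"', message)
    dial = re.search(r"dial tcp [^\s:]+:(\d+)", message)
    if not (url and dial):
        return None
    parts = urlsplit(url.group(1))
    expected = parts.port or DEFAULT_PORT[parts.scheme]
    dialed = int(dial.group(1))
    return (expected, dialed) if expected != dialed else None

def operator_errors(log_text):
    """Yield msg fields of non-info entries from JSON-lines operator output."""
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and entry.get("level") != "info":
            yield entry.get("msg", "")

# Samples abridged from the messages quoted in the issue; hostnames as posted.
OPERATOR_LOG = json.dumps({"level": "error", "msg": 'Build kit-cjsb5ht903fh2jn20p3g failed: Get "https://my-registry.my-namespace.svc.cluster.local/v2/": dial tcp 172.20.249.120:80: i/o timeout'})
KUBELET_EVENT = 'failed to do request: Head "https://my-registry.my-namespace.svc.cluster.local/v2/": dial tcp: lookup my-registry.my-namespace.svc.cluster.local: no such host'
X509_ERROR = "x509: certificate signed by unknown authority"

if __name__ == "__main__":
    for msg in [*operator_errors(OPERATOR_LOG), KUBELET_EVENT, X509_ERROR]:
        print(classify(msg), port_mismatch(msg))
```

Only the `tls-trust` class depends on trust anchors; the DNS and connect-timeout messages fail before any certificate is presented.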